保护 .NET 代码免受逆向工程? [英] Protect .NET code from reverse engineering?

问题描述

混淆是一种方式，但它不能防止破坏应用程序的盗版保护安全.如何确保应用不被篡改，如何确保注册机制不被逆向工程?

Obfuscation is one way, but it can't protect from breaking the piracy protection security of the application. How do I make sure that the application is not tampered with, and how do I make sure that the registration mechanism can't be reverse engineered?

还可以将 C# 应用程序转换为本机代码，以及 Xenocode 太贵了.

Also it is possible to convert a C# application to native code, and Xenocode is too costly.

C# 提供了很多功能，并且是我的代码的理想语言，因此再次用 C++ 编写整个代码库是不可能的.

C# provides lot of features, and is the ideal language for my code, so writing the whole codebase again in C++ is out of the question.

可以轻松地从 .NET 中的签名程序集中删除安全证书.

Secure certificates can be easily removed from the signed assemblies in .NET.

推荐答案

你不能.

您可以采取一些步骤使其稍微变得更加困难，但最终本地计算机上的任何可执行文件都是可以破解的.最终，该代码必须转换为本机机器代码，并且每个可运行的应用程序都是易受攻击的.

There are steps you can take to make it a little more difficult, but ultimately any executable on the local machine is crackable. Eventually, that code has to be converted into native machine code and every application that is runnable is vulnerable.

你想做的只是让它难以破解，让它不值得人们麻烦.

What you want to do is just make it difficult enough to crack to make it not worth peoples' trouble.

我有一些建议可以帮助保护您的应用程序:

Some suggestions I have for you to help protect your application:

• 混淆您的代码.Dotfuscator 有一个免费版本，并附带 Visual Studio.
• 使用公钥/私钥或非对称加密生成您的产品许可证.这可确保只有 您 可以生成您的许可证代码.即使您的应用程序被破解，您也可以确定他们不会为您的应用程序发布密钥生成器，因为无法逆转密钥生成算法.
• 使用第三方打包程序将您的 .NET 可执行文件打包到加密的 Win32 包装应用程序中.Themida 是比较好的之一.这会阻止人们在 .NET Reflector 中反映您的应用程序，并让解包变得很痛苦用于倒车.
• 编写您自己的自定义打包程序.如果第三方打包程序太贵，请考虑自己编写.有时自定义打包器可能非常有效，因为没有很好的方法来解包它们.教程如何编写自己的打包程序 提供了大量关于编写自己的 Win32 打包程序的好信息.

• Obfuscate your code. Dotfuscator has a free edition and comes with Visual Studio.
• Use public/private key or asymmetric encryption to generate your product licenses. This ensures that only you can generate your license codes. Even if your application is cracked, you can be sure that they won't be releasing a key generator for your application, because it is impossible to reverse the key generating algorithm.
• Use a third-party packer to pack your .NET executable into an encrypted Win32 wrapper application. Themida is one of the better ones. This stops people from reflecting your application in .NET Reflector and makes it a pain to unpack for reversing.
• Write your own custom packer. If the third-party packers are too expensive, consider writing your own. Sometimes custom packers can be very effective, because there aren't well published methods on how to unpack them. The tutorial How to write your own packer gives a ton of good information on writing your own Win32 packer.

但最终，如果人们希望您的应用程序被破解，他们会的.看看那些拥有大量资源来保护其应用程序的商业软件，但它们甚至在应用程序发布给公众之前就被破解了.

Ultimately though, if people want your application cracked they will. Look at all the commercial software out there that has a vast amount of resources to protect their applications and yet they are cracked before the applications are even released to the public.

熟练的逆向工程师可以启动 IDA-Pro 并像黄油一样切入您的应用程序无论你做什么.打包的应用程序可以被解包，混淆只会阻止它在公园里散步.您使用复杂的许可证代码所做的所有辛勤工作都可以通过一个字节补丁来撤消.

A skilled reverse engineer can fire up IDA-Pro and slice through your application like butter no matter what you do. A packed application can be unpacked and obfuscation only prevents it from making it a walk in the park. All your hard work with your complex license code can be undone with a single byte patch.

您只需要接受人们很有可能会盗版您的软件.无论如何，有些人永远不会为您的申请付费，而这些人是您无需担心的.

You just need to accept that there is a very real chance people are going to pirate your software. There are some people who are never going to pay for your application no matter what and these are the people you don't need to worry about.

但是，有许多企业永远不会冒险提起诉讼并乐于购买软件许可证，而许多计算机用户要么不想冒险，要么发现它错了，要么对盗版技术不够了解.这些是您真正的客户，您应该集中精力为他们提供良好的用户体验，而忽略破解您软件的人.

There are however, many businesses out there who would never risk a lawsuit and happily buy software licenses and many computer users who either don't want to risk it, find it wrong or are not tech savvy enough to pirate. These are your true customers, and you should focus your efforts on providing them with a good user experience and ignore the people cracking your software.

我的应用程序以前曾被盗版，我认为这是对我个人的侮辱.在这里，我是一个小开发人员，全心全意地投入到应用程序中，而这些人竟敢从我这里盗版?！他们直接从我的口袋里拿钱！

I've had my application pirated before, and I took it as a personal affront. Here I was, a small-time developer, pouring my heart and soul into an application and these people had the gall to pirate from me?! They were taking money directly from my pocket!

我立即添加了一堆严苛的 DRM 代码，并试图破坏任何使用非法或破解副本的人.我当然应该一直致力于使我的应用程序更好，而不是试图阻止不可避免的事情.不仅如此，我还伤害了我的真正的客户，我所设置的所有这些额外的保护措施都会伤害到我.

I immediately added in a bunch of draconian DRM code and attempted to sabotage any person using an illegitimate or cracked copy. I should of course have been working on making my application better instead of trying to stop the inevitable. Not only that, but I was hurting my true customers will all these extra protections I was putting in.

经过长时间的战斗，我意识到我正在与潮流搏斗，而浪费的所有时间都是徒劳的.除了准系统许可功能外，我取出了所有的电话回乡代码，再也没有回头.

After a long battle I realized I was fighting the tides and all this time wasted was for naught. I took out all the phone-home code except for the barebones license functions and never looked back.

这篇关于保护 .NET 代码免受逆向工程?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！